SQL Server 2005 SP3 is now available on Windows Update

Chris Wood let me know that the update is now being pushed through Windows Update / Microsoft Update.

Aaron Bertrand

I am a passionate technologist with industry experience dating back to Classic ASP and SQL Server 6.5. I am a long-time Microsoft MVP, write at SQLPerformance and MSSQLTips, and have had the honor of speaking at more conferences than I can remember. In non-tech life, I am a father of two, a huge hockey and football fan, and my pronouns are he/him. If I've helped you out, consider thanking me with a coffee. :-)

12 Responses

  1. tosc says:

    I agree with Mikes thought – great minds think alike 🙂
    In our organisation we use WSUS-Server, there is an OU for my SQLis – included OS patches etc., delegated to me. One a month i have a meeting with the net-guys -> patch-day. I don't like to hang my servers to MU.

  2. hakan says:

    i have vista and i sql server 2005 but i dont have reporting services help me !!!! if anybody knows how to get reporting services for vista home premium please tell me thanks..

  3. AaronBertrand says:

    No I understand (hence the smiley).  🙂
    But even for places that "never patch" this isn't all that great, because SP3 is an optional update, meaning it won't be installed unless you select it.  I imagine though that a slammer-style patch will be slightly higher priority.  🙂

  4. James Luetkehoelter says:

    Hey Aaron,
    I was no implying that you were endorsing it – sorry if it came off that way. I know that you have the same concerns I voiced. Is this good? Could be, depending on the organization. For those places that never patch and get hit by things like the slammer, it's essential. For larger organizations with critical systems running on SQL, it's dangerous – if they have no communication with infrastructure (which I think is THE fundamental problem in IT shops – siloing is the devil!)
    So no maltent intended Aaron, sorry if it came out that way. I think we all agree that there are concerns here….

  5. Chris Wood says:

    I raised Connect issues 275500 and 375611 but they both got closed by MS. There must be a better way if you use MU on your servers.

  6. Mike Walsh says:

    Saw the headline and I thought.. That's scary. I want DB SPs going through me not under the "process" the other teams "follow" 🙂

  7. Chris Wood says:

    The good news is that they are changing from using Microsoft Update. They had to patch a number of servers at a time and with the patch being a full blown security patch it was checked to be installed and needed intervention to stop it. I learnt my lesson so if I know that an SQL patch (better watch for KB961040 when it comes out) I just need to run MU on the servers and hide the SQL ones.

  8. AaronBertrand says:

    In my defense, I was just relaying the information (as much to warn people as to rah rah about it).  I didn't say it is a good thing for everyone.  🙂

  9. James Luetkehoelter says:

    Hey Chris,
    I agree the intentions are good, and the process isn't bad IF you know about it and have time to test it – or at least know when it is going to happen. Do your infrastructure people communicate that kind of thing? That's the stuff that scares me, when people work in silos…..

  10. Chris Wood says:

    I have been caught by this with the last set of SQL2005 security patches showing up under Microsoft Update. Our Infrastructure guys used Microsoft Update on the servers to patch. I had a few SQL2005 instances updated without knowing. I go onto the servers and hide the SQL updates. Only way I can see as Microsoft felt that Microsoft Update was a good medium to send out SQL patches. That method stops the slammer fixes from being missed.

  11. James Luetkehoelter says:

    Hmmm…I'm not so sure that's a good thing. If I were administering a large SQL installation, I'd like to control the deployment of service packs and/or hotfixes. If an organization is "silo-ed", it's possible that the DBAs have no idea what fixes are put on Windows. I suppose that my concerns are more process based than having the SP available on Windows Update, but it does still worry me.